CLASSIFYING E-MAIL CONNECTIONS FOR POLICY ENFORCEMENT

BACKGROUND OF THE INVENTION 
Statement of the Technical Field 

[0001] The present invention relates to the processing of electronic mail and more
particularly to limiting the transmission of electronic mail based upon the identity of the 
transmission source. 

Description of the Related Art 

[0002] Historically, the print medium served as the principal mode of unsolicited mass 
advertising on the part of the direct marketing industry. Typically referred to as "junk 
mail", unsolicited print marketing materials could be delivered in bulk to a vast selection 
of recipients, regardless of whether the recipients requested the marketing materials. 
With an average response rate of one to two percent, junk mail has been an effective 
tool in the generation of new sales leads. Nevertheless, recipients of junk mail 
generally find the practice to be annoying. Additionally, postage for sending junk mail 
can be expensive for significant "mail drops". Consequently, the direct marketing 
industry constantly seeks equally effective, but less expensive modalities for delivering
unsolicited marketing materials. 

[0003] The advent of electronic mail has provided much needed relief for direct 
marketers, as the delivery of electronic mail to a vast number of targeted recipients 
requires no postage. Moreover, the delivery of unsolicited electronic mail can be an 
instantaneous exercise and the unsolicited electronic mail can include embedded 
hyperlinks to product or service information thus facilitating an enhanced response rate 
for the "mail drop". Still, as is the case in the realm of print media, unsolicited electronic 
mail remains an annoyance to consumers worldwide. 

[0004] The term "spam" has been assigned to unsolicited commercial electronic mail. 
For many, spam represents a scourge upon the Internet consuming unnecessary 
bandwidth, excess computing resources and the time of millions of Internet users. 
Ironically, while electronic mail in the past has been viewed as the "killer" application 
designed to provide vast efficiencies in the field of global communications, spam 
threatens to minimize the effectiveness of electronic mail by imposing upon electronic 
mail users the obligation of screening incoming messages to detect spam. 
Consequently, many avoid the use of electronic mail simply to avoid spam. 

[0005] Several techniques have been developed to combat the spread of spam. 
Spam filters have been disclosed in which textual patterns within electronic mail can be 
correlated to known patterns associated with spam. Where an electronic message 
includes text matching a known spam pattern, the delivery of the electronic message 
can be suppressed. By comparison, many conventional electronic mail clients include
functionality for identifying a message as spam. Upon identifying a message as spam,
the domain of the sender can be associated with spam such that subsequent messages 
transmitted from the domain of the sender can be suppressed as spam. 

[0006] Nevertheless, the skilled artisan will recognize that each of the foregoing spam 
combating techniques can be characterized at best as client-side application layer 
techniques. In this regard, so long as the number and nature of individual electronic 
mail clients vary, so too will the effectiveness of the spam combating techniques. 
Similarly, electronic mail filtering applications can differ widely and, again, depending 
upon the implementation, the effectiveness can vary as well. Notably, all electronic mail 
clients exchange information at the protocol layer using a universally adopted mail 
protocol, the simple mail transfer protocol (SMTP). Accordingly, what is needed is a
more effective methodology for combating spam exclusive of the client side mail client 
which can span varying mail clients while maintaining a constant level of effectiveness. 

SUMMARY OF THE INVENTION

[0007] The present invention addresses the deficiencies of the art in respect to 
unsolicited commercial electronic mail and provides a novel and non-obvious method, 
system and apparatus for the policy-based restriction of electronic mail transmissions. 
A method for classifying electronic mail message transfer requests for policy 
enforcement can include identifying a source of an incoming electronic message, 
classifying the source, and applying a message transfer policy associated with the 
classification for the source. 

[0008] In particular, the identifying step can include identifying a network address for 
the source. The classifying step by comparison, can include classifying the source as 
one of a trusted source, a blocked source, and a suspect source. The classifying step 
also can include classifying the source as one of an authenticated source and an 
anonymous source. Finally, the classifying step further can include classifying the 
source as a blocked source where the source appears in a realtime black hole list. 
Alternatively, the classifying step further can include classifying the source as a suspect 
source where the source appears in a realtime black hole list. In any case, the source 
can be classified as an authenticated source only where an authenticated connection 
has been established with the source. 

[0009] Additional aspects of the invention will be set forth in part in the description 
which follows, and in part will be obvious from the description, or may be learned by 
practice of the invention. The aspects of the invention will be realized and attained by 
means of the elements and combinations particularly pointed out in the appended 
claims. It is to be understood that both the foregoing general description and the
following detailed description are exemplary and explanatory only and are not restrictive 
of the invention, as claimed. 

BRIEF DESCRIPTION OF THE DRAWINGS



[0010] The accompanying drawings, which are incorporated in and constitute part of 
this specification, illustrate embodiments of the invention and together with the 
description, serve to explain the principles of the invention. The embodiments 
illustrated herein are presently preferred, it being understood, however, that the 
invention is not limited to the precise arrangements and instrumentalities shown, 
wherein: 

[0011] Figure 1 is a schematic illustration of a mail processing system configured to
classify and process incoming electronic mail messages based upon associated 
policies; and, 

[0012] Figure 2 is a flow chart illustrating a process for classifying and processing
incoming electronic mail messages based upon associated policies.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS



[0013] The present invention is a system, method and apparatus for classifying and 
processing incoming electronic mail messages based upon associated policies.
In accordance with the present invention, prior to delivering an electronic message to a 
mail client, the incoming electronic message can be classified based upon the source of 
the incoming message. A policy associated with the classification can be used to 
determine how to process the incoming message. For instance, at one extreme a policy 
can indicate that all messages associated with a trusted classification are to be 
delivered, while at another extreme, a policy can indicate that all messages associated 
with a blocked classification are never to be delivered. In this way, spam can be 
intelligently handled uniformly and automatically without regard to the varying nature of 
disparate electronic mail clients. 

[0014] In further illustration, Figure 1 is a schematic diagram of a mail processing 
system configured to classify and process incoming electronic mail messages based 
upon associated policies. The system can include a mail server 110 coupled to one or 
more sources of electronic messages 120A, 120B, 120n over a computer 
communications network 130, for instance the global Internet. The mail server 110 can
be configured to receive messages 140 from the sources 120A, 120B, 120n which have 
been addressed to one or more message recipients 190A, 190B, 190n, also coupled to 
the mail server 110. Notably, in a preferred aspect of the invention the mail server 110 
can be configured to process electronic messages according to SMTP. 

[0015] Importantly, a classification processor 150 can be coupled to or included as
part of the mail server 110. The classification processor 150 can be programmed to 
inspect all or part of the connection data 160 associated with an electronic message 
140 in order to classify the source 120A, 120B, 120n of the electronic message 140. To 
assist in the classification process, the classification processor 150 can be coupled to 
classification tables 170A, 170B, 170C, 170D, 170E each of which can include a listing 
of message sources 120A, 120B, 120n. For example, the trusted table 170A can 
include a listing of those sources 120A, 120B, 120n which are trusted, while the blocked 
table 170E can include a listing of those sources 120A, 120B, 120n which are to be 
blocked from sending electronic messages to the recipients 190A, 190B, 190n. 

[0016] In accordance with the present invention, a set of policies 180 can be 
associated with the classifications applicable to the sources 120A, 120B, 120n. In this 
regard, the classification processor 150 can classify the source of an incoming message 
140 based upon the connection data 160, for example the network address, a portion of 
the network address, or some such other identifying information included in or in 
association with the message 140. Based upon the classification of the message 140, a 
selected one of the policies 180 can be applied which can specify a course of action for 
limiting or permitting the transfer of the message to an intended one of the recipients 
190A, 190B, 190C. 

[0017] In more particular illustration, Figure 2 is a flow chart showing a process for 
classifying and processing incoming electronic mail messages based upon
associated policies. Beginning in block 205, a message transfer request can be 
received. In decision block 210, it can be determined whether the request is to be 
authenticated. For example, in SMTP, one of a plain text or encoded authentication
process can be undertaken prior to transferring a message into the mail server. In block 
215, if the connection has been authenticated, the request can be classified as 
"Authenticated". Otherwise, the process can continue in block 220. 

[0018] In block 220, the table of trusted sources can be accessed to determine in 
decision block 225 whether the source of the message transfer request has been 
included in the table of trusted sources. If so, in block 230 the source of the message 
transfer request can be classified as "trusted". Otherwise the process can continue in 
block 235. In block 235, a table of suspect sources can be accessed. As before, in 
decision block 240 it can be determined whether the source of the message transfer 
request has been included in the table of suspect sources. If so, in block 245 the 
source of the message transfer request can be classified as "suspect". Otherwise, the 
process can continue in block 250. 

[0019] In block 250, a realtime black hole list can be accessed to determine in 
decision block 255 whether the source of the message transfer request has been 
included in the realtime black hole list. If so, in block 260 the source of the message 
transfer request can be classified as "suspect". In an alternative embodiment, the 
source of the transfer request can be classified as "blocked". Otherwise the process 
can continue in block 265. In block 265, a table of blocked sources can be accessed. 
As before, in decision block 270 it can be determined whether the source of the 
message transfer request has been included in the table of blocked sources. If so, in 
block 275 the source of the message transfer request can be classified as "blocked". 
Otherwise, in block 280 the source of the message transfer request can be classified as
"anonymous". 

[0020] Notably, in all cases, in block 285 a policy can be applied to the message 
transfer request based upon the classification of the message request source. For 
instance, where the source of the message transfer request has been classified as 
trusted or authenticated, the message transfer request can be satisfied without 
objection. In contrast, where the source of the message transfer request has been 
classified as blocked, the message transfer request can be quashed. Finally, where the 
source of the message transfer request has been classified as suspect or anonymous, 
the message transfer request can be handled such that the ability of the source to 
transmit messages to intended recipients can be limited. In any case, the policies can 
define message transmission decisions aimed at curbing the transmission of spam 
without undermining the effectiveness of the electronic mail medium. 
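
The decision order of blocks 210 through 285 can be sketched as follows. This is an added example, not code from the specification: the table contents (documentation address ranges), the `rbl_hit_class` parameter that selects between the two embodiments for a realtime black hole list hit, and the policy action names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data standing in for the classification tables and the
# realtime black hole list; all addresses are documentation ranges.
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]
SUSPECT = [ipaddress.ip_network("198.51.100.0/24")]
BLOCKED = [ipaddress.ip_network("203.0.113.66/32"),
           ipaddress.ip_network("203.0.113.200/32")]
RBL = [ipaddress.ip_network("203.0.113.0/25"),
       ipaddress.ip_network("192.0.2.8/32")]

# Hypothetical action names: the text only says satisfy, quash, or limit.
POLICIES = {
    "authenticated": "accept",
    "trusted": "accept",
    "suspect": "limit",
    "anonymous": "limit",
    "blocked": "reject",
}

def _listed(addr, table):
    """True if addr falls inside any network entry of the table."""
    return any(addr in net for net in table)

def classify(source_ip, authenticated=False, rbl_hit_class="suspect"):
    """Classify a source in the order of Figure 2; the first match wins."""
    if rbl_hit_class not in ("suspect", "blocked"):
        raise ValueError("an RBL hit maps to 'suspect' or 'blocked' only")
    addr = ipaddress.ip_address(source_ip)
    if authenticated:                 # blocks 210-215
        return "authenticated"
    if _listed(addr, TRUSTED):        # blocks 220-230
        return "trusted"
    if _listed(addr, SUSPECT):        # blocks 235-245
        return "suspect"
    if _listed(addr, RBL):            # blocks 250-260, either embodiment
        return rbl_hit_class
    if _listed(addr, BLOCKED):        # blocks 265-275
        return "blocked"
    return "anonymous"                # block 280

def apply_policy(source_ip, **kwargs):
    """Block 285: look up the policy action for the classification."""
    label = classify(source_ip, **kwargs)
    return label, POLICIES[label]
```

Because the first match wins, a source that is in both the blocked table and the realtime black hole list (203.0.113.66 in the sample data) is classified "suspect" under the first embodiment, and an authenticated connection is never checked against the blocked table.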

[0021] The present invention can be realized in hardware, software, or a combination 
of hardware and software. For example, the data handling policy can be stored in a 
database. An implementation of the method and system of the present invention can be 
realized in a centralized fashion in one computer system, or in a distributed fashion 
where different elements are spread across several interconnected computer systems. 
Any kind of computer system, or other apparatus adapted for carrying out the methods 
described herein, is suited to perform the functions described herein. For example, the
data handling policy can be stored in a database.

[0022] A typical combination of hardware and software could be a general purpose
computer system having a central processing unit and a computer program stored on a 
storage medium that, when loaded and executed, controls the computer system such 
that it carries out the methods described herein. The present invention can also be 
embedded in a computer program product, which comprises all the features enabling 
the implementation of the methods described herein, and which, when loaded in a 
computer system is able to carry out these methods. Storage medium refers to any 
volatile or non-volatile storage device. 

[0023] Computer program or application in the present context means any 
expression, in any language, code or notation, of a set of instructions intended to cause 
a system having an information processing capability to perform a particular function 
either directly or after either or both of the following: a) conversion to another language,
code or notation; b) reproduction in a different material form. Significantly, this invention 
can be embodied in other specific forms without departing from the spirit or essential 
attributes thereof, and accordingly, reference should be had to the following claims, 
rather than to the foregoing specification, as indicating the scope of the invention. 